Tuesday, May 10, 2011

Malware Protection is a rogue anti-virus application that runs a fake system scan and then concludes that your computer has a malware infection or serious security/privacy issues. To fix the supposed infection you must pay a fee, about $50. The rogue program copies user interface elements from real programs, so it looks like a legitimate application. Plenty of people shell out $50 to register this fraud, and that's a big problem: if you're transacting with these guys online, you're handing them your credit card details, and the cyber criminals can later use that information to their benefit. You should protect yourself with common sense and legitimate anti-virus software, because fake anti-virus applications such as Malware Protection now represent about 20% of all malware in circulation. If you made a mistake and purchased it, please contact your credit card company and dispute the charges. And if you still have this fake AV on your computer, please follow the removal instructions below to remove Malware Protection and related malware for free.

Malware Protection 2011 is a re-branded version of the Spyware Protection scareware. I'm pretty sure we'll see a whole new set of rogue applications like these two in the next few weeks. In a common scenario, Malware Protection is promoted via infected websites that redirect users to fake virus scanners claiming to sell antivirus software. The fake scanner is basically a pop-up message alerting you that your computer is infected with viruses, Trojans or even spyware. Once installed, Malware Protection will pretend to scan your computer for malicious software, viruses and other security problems. As you can imagine, it will state that your computer is infected. It will block other programs on your computer and will close your web browser if you try to download anti-malware or anti-virus software.

It claims that your web browser, or any other program really, was infected by some form of malware that may send your sensitive information to a remote computer or make your computer unusable, e.g., W32/Blaster.Worm.

iexplore.exe can not start
File iexplore.exe is infected by W32/Blaster.worm
Please activate Malware Protection to protect your computer.

This scam has been around for some time now, nothing new. After the fake scan, Malware Protection takes you to a web page where you can purchase it.

The good news is that Malware Protection, "designed to protect", can be removed from your computer rather easily. You can reboot your computer in safe mode with networking and download an anti-malware tool, or you can delete the Malware Protection files manually.

You can also use the code SL55J-T54YHJ61-YHG88 (and any email) to register the rogue program. This will stop the annoying security alerts, and the rogue program won't block security related websites anymore. Then download recommended anti-malware software and run a full system scan to remove the rogue virus from your computer. If you have any further questions, please leave a comment. Good luck and be safe online!

Manual Malware Protection removal instructions:

1. Right click on the "Malware Protection" icon, click Properties in the drop-down menu, then click the Shortcut tab.

4. Restart your computer. The malware should be inactive after the restart.

5. Open Internet Explorer and download TDSSKiller. This malware usually (but not always) comes bundled with the TDSS rootkit. If the rootkit is present, removing it from your computer is very important. Run TDSSKiller and remove the rootkit.

6. And finally, download recommended anti-malware software and run a full system scan to remove the rogue virus from your computer.
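Readers in the comments below report the rogue's executable as defender.exe under the All Users application-data folder, ProgramData or AppData\Roaming, started from a "Malware Protection" value under the CurrentVersion\Run key. The following read-only PowerShell audit of the Run keys is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the function name `Get-AutorunTarget` and the flagging rule are illustrative.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
# The Run keys and folder list reflect locations reported on this page;
# Get-AutorunTarget and the Flag rule are illustrative assumptions.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Folders a standard user can write to (AppData\Roaming, AppData\Local,
# ProgramData or "All Users", Temp). Empty variables are dropped.
$userWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:ALLUSERSPROFILE, $env:TEMP) |
    Where-Object { $_ }

function Get-AutorunTarget {
    # Extract the executable path from a Run value such as
    #   "C:\Path With Spaces\app.exe" /arg    or    C:\Path\app.exe /arg
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')        { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$findings = foreach ($keyPath in $runKeys) {
    if (-not (Test-Path -Path $keyPath)) { continue }
    $key = Get-Item -Path $keyPath
    foreach ($name in $key.GetValueNames()) {
        $target = Get-AutorunTarget -Command ([string]$key.GetValue($name))
        if (-not $target) { continue }

        $inUserDir = $false
        foreach ($dir in $userWritable) {
            if ($target.StartsWith($dir, [StringComparison]::OrdinalIgnoreCase)) {
                $inUserDir = $true
            }
        }

        # -Force is needed to see hidden files: one reader could not list
        # the file even with dir /ah
        $file   = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue
        $hidden = [bool]($file -and ($file.Attributes -band [IO.FileAttributes]::Hidden))
        $signed = if ($file) {
            (Get-AuthenticodeSignature -FilePath $file.FullName).Status -eq 'Valid'
        } else { $false }

        [pscustomobject]@{
            Key    = $keyPath
            Value  = $name
            Target = $target
            Exists = [bool]$file
            Hidden = $hidden
            Signed = $signed
            # Review first: autostart from a user-writable folder without a valid signature
            Flag   = ($inUserDir -and -not $signed)
        }
    }
}

$findings | Sort-Object -Property Flag -Descending | Format-Table -AutoSize -Wrap
```

Flagged rows are candidates for review, not verdicts: some legitimate software also starts from AppData.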

Malware Protection removal instructions in Safe Mode with Networking:

1. Please reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8 key" continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key.

I was so stupid, I registered 'cause I was desperate to finish an online class. Anyway, I was given the exact same registration key. Wanted to call their support/billing hotline but they don't even give it. Thanks for this info, although it was too late. I'm definitely disputing the charges.

There should be an icon on your desktop related to this rogue AV. Right-click it and choose properties, look for file location. Or you can simply search your computer for defender.exe. You can also use this serial SL55J-T54YHJ61-YHG88 to register "Malware Protection" in order to stop the fake security alerts that are really annoying. Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.

Thanks to the poster who suggested spam clicking the app to make it crash. I just spam clicked the 'Activate Now' button until it said (Not Responding) in the toolbar. As soon as it said that, I quickly clicked the X in the top right to force close it.

Also once the app crashed I was able to delete the registry key and the defender.exe file, however my .exe was under the All Users folder.

You can also immediately end the operation of the virus by holding Ctrl, Alt, Del and select task manager. After that organize the "user name" tab so that your user name processes are at the top. Look down through there for a 3 or 4 letter .exe program running. Check everything line by line until you get to "local service". If you're in doubt as to which file you need to close you can right click and select properties to view more information. You should recognize all of the processes that are active and the one that doesn't belong should stick out like a sore thumb.

I'm having a problem with this virus. I've found and renamed defender so it no longer runs. However it's disabled my ability to install anything, I get system admin does not allow installations error, event id 1008 in events log. I've tried searching the registry for the problem but can't see it there. This is becoming a real pain.

I used SuperAntiSpyware, HijackThis, and ComboFix. Although I highly suggest you ONLY USE COMBOFIX if you know what you're doing. I mean really know. My boss is an IT guy and he messed up a computer with it.

This is what I did. I opened the file location and renamed the file to my name, because it wouldn't let me delete it with the given defender.exe name. Restarted my computer, opened the file location again and deleted the file (''myname'') & it seems to be working good. I hope it doesn't come back. I have AVG 2011 on my computer currently to protect my laptop! I guess these things happen sometimes!! :(

I'm using Windows XP. I ran Malware Bytes' Anti-Malware in Safe mode as suggested. It found 5 problems and removed them in safe mode. After it restarted this program is finding nothing in regular mode. The virus seems inactive, but the icon is still showing on my desktop. It says location is defender.exe, but I'm not finding that when I search my computer. Any suggestions?

When the UI popped up, I recognized it as a rogue and manually shut off my computer. Now, I repeatedly tap F8 during start up, but it does nothing and instead goes to a blank screen with nothing but a blinking underscore. How do I kill this virus when I can't start in safe mode (or any mode, for that matter.)

Thanks so much. I just deleted the defender.exe through "find" in safe mode and deleted "malware protection" under Run in CurrentVersion under windows, microsoft, software, HKey_current_user. Problem fixed. Thanks and God Bless.

I recently encountered this problem just a couple days ago and I found a solution nobody else has, of course this wasn't my idea, this was a video on Youtube. Here's what you do:

1. Go into C:\WINDOWS\system32 and copy/paste tskmngr.exe to your desktop.
2. Rename the tskmngr.exe that you copied to the desktop 'explorer.exe'
3. Double click on the explorer.exe file and it should open the task manager and end defender.exe
4. Go into Search and look for defender.exe and there should be another defender.exe with a bunch of letters and numbers added (Something like DEFENDER.EXE382aD7t)
5. If you can't find the file, my virus files were in C:\Documents and Settings\All Users\Application Data and then C:\WINDOWS\Prefetch
6. Delete both files into the recycle bin and empty the recycle bin.

After that my dad had me download something called SpyBot Search and Destroy.

If you have any questions or comments please let me know.

-Doommaster1994

Hi, When I first turned on my laptop it kept on popping up. My battery went out and when I plugged it in (an hour 1/2 later) it stopped and now I don't get pop ups. I will say this. I spent about 3 hours trying to find the program and uninstalling things that looked like it. Should I expect to see it again? I didn't even find the defender.exe when I looked it up.

Hey there, When the virus was active and I tried searching for Defender.exe it wouldn't find it, but it did find it after I got the virus to close. Renaming the tskmngr.exe to explorer.exe should work because explorer.exe is what lets you open the windows.

-Doom master1994

Seems the location of defender.exe can change slightly depending on which Windows you have. On my wife's Vista Home Basic, it was not in the location listed in this guide.

I found it by opening REGEDIT.EXE (in Safe mode) and reading what the value of that key is. It said "C:\Users\\AppData\Roaming\defender.exe". I went to C:\Users\\AppData\Roaming. Even though I could not list the file (even with dir /ah or dir /as), I did delete it successfully (no error). Then I removed the key as instructed. It seems to have gone away now.

Then just rename defender.exe to defender.vir and restart your computer. Once you're back, the Malware Protection should be inactive. Scan your computer with antimalware software to remove the remains. Good luck!

So just got the virus today... came across this blog. When I go to restart in Safe Mode with Networking, it "freezes" on the screen and says "Please wait... Checking the status of the embedded security chip...". I have a Lenovo ThinkPad T60 with Windows XP... and this screen usually shows up when I'm booting up, but only for a few seconds.

I even tried renaming the file as indicated above, but no luck. Any ideas on how to fix this?

Thanks, this helped a lot, but I am curious how could I have possibly gotten it? Can I get it from visiting certain websites? Perhaps one about shaq's sex tape? Because that's where I was when this happened. I am serious btw, really want to know the answer

WOW!!!!! I will recommend this site to all my friends!!! Thank you so much!! We thought all hope was lost on our old pc, due to the malware protection virus. 5 minutes later we were back up and running! Thank you ever so much!

An easier way that I deleted it was I searched in my computer for defender.exe as the original file name, sent it to my recycle bin, opened it from there, highlighted it and pressed shift delete. Seems to be gone, I'm not sure if this will work for everyone, it's worth a shot though. I did this from safe mode with networking. Hope this will help someone.

Thank you for this wonderful blog. My work laptop was infected last year. I rebooted the laptop in safe mode but then the screen turned blank and I lost everything saved in the computer (our helpdesk had to reformat the computer). Then my personal computer got infected once. I immediately turned off the computer and the malware failed to fully load. Last night, the virus infected my computer again. I deleted the defender.exe in normal mode, it did not help. But the registration code you provided is magic. Using MalwareByte, I was able to solve the problem in a couple of hours in total (last year it took me days and still the computer was reformatted). Thank you!!!

Thank you soo much, I was not able to open anything on my computer at all, couldn't even run it in safe mode. After searching online on another computer in the household, I came across this. I used the fake e-mail and key code method. It got rid of the annoying pop ups and allowed me to bring up my web browser, but it will not connect to the internet in order for me to install Malwarebytes. Is there a way to fix this? The malware protection is still in the task bar and shortcut on my desktop.

I found the application 'defender' and permanently deleted it. I also ran a full scan and removed 2 infections using MalwareBytes. Is this all you do to permanently remove the virus? Any help appreciated.

This works and was very helpful, I used hitman .5 HOWEVER, the main thing was starting in safe mode, which allowed me to delete the defender.exe file. Hitman found one other file which it said was a possible trojan, which I also deleted. Point being you may be able to accomplish this without downloading anything, just restarting in safe mode and deleting the defender.exe

What I did was I pressed Shift+Ctrl+Esc to bring up Task Manager, went to the "Processes" tab, and ended two processes with random names. This stopped the pop-ups and allowed me to access the internet. Then I downloaded Malwarebytes and ran a full scan, which found 3 infected items. Then I restarted my computer in safe mode and ran another full scan. My computer seems to be clean now.

I followed the suggestions here, and found out that the easy way was to just rename Defender.exe to Defender.vir. This file I found in C:\Documents and Settings\All Users\Application Data and then C:\WINDOWS\Prefetch. After reboot I could access internet again, and download SpyBot Search and Destroy. Big thanks everyone for good hints.

So, I turned my computer on in Safe Mode with Networking and then I pulled the icon on my desktop to the recycling bin and then emptied it. Does this mean my computer is clean? The reason I did it this way is because Malwarebytes Anti-Malware didn't pick up anything.. :/ Please help.

If you are quick enough you can run task manager and try to find "defender.exe". Click on it and press delete then enter, this will stop the program from letting you run browsers etc to download anti malware programs.

Right click on it and copy the "Target" without the file name (you just want the folder). In other words, only copy everything to the left of the last "/".

Click on "Start", "Run" and right click "Paste" the target folder you've copied.

In that folder you'll see a file called "Malware Protection.exe" - or something similar.

You probably can't delete it, so just "Cut" it - using your right mouse button.

Create a new folder and paste it into it.

What you've done is move the problem file to somewhere it can't find on startup.

Restart your computer. Everything should be fine now. Install some anti-virus software. I used Free AVG - which although it tries to persuade you to pay for it at every step is free.

Thank you Julian. This was simple and straightforward. Worked for me. What an insidious program that "Malware Protection". Downloaded and scanned with Malwarebytes and found 1 more infected object. Not sure if it was related.

My son got this on his computer. When I removed it, he got it again - probably in his browsing habits since he likes watching videos he finds on search engines. Since I couldn't find what site it was coming from, I came up with another way to disable it, and make sure he couldn't get it again. The instructions are for Windows 7, but the principle will work with any version of Windows anybody is still running.

In my case, when I started messing with it, the program died and gave me control of the computer back, but if it doesn't do that, you can probably just go into safe mode (with networking) and start up with an administrative account. Go to c:\ProgramData, and find defender.exe. Right click on it and go to properties. Click the properties tab. For system, and for users, deny all privileges to the file. For administrators, deny read and execute permissions for the file. To test this, I restarted the computer, and, as expected, the program could not restart.

After the restart, I went into regedit and searched for c:\ProgramData\Defender, which, of course, led me to the entry in the "Run" key which lists all programs to run automatically at startup. I removed the entry in the registry. With nobody having permissions to execute the file it can't start even if you don't remove it from the registry, but I just wanted it to be clean.

I also removed the shortcut it put on the desktop (which is how I located the program) and the shortcut it put into the start menu.

If it recurs for anyone else, maybe you can have better luck preventing it from coming back by denying privileges.

Wow. Thanks for all the help, I thought I was doomed. Vista. I tried to find the easiest way. First I used the key then the email, the product registered. Right after that I did as a comment said to just restore your C: drive to an earlier point. That worked great. I can just tell it was a scam. Damn bastards!

Thank you so much I am not a computer person but with your extremely helpful post and comments I have been able to get rid of this programme from my computer - I used the Malware Bytes software in safe mode and then found the old icon on the desktop which I have put in the waste bin and emptied - I hope we will be OK now

Okay, all you have to do really is the first step in these instructions. Start your computer in safemode when you press F8 while restarting. Then simply restore your computer from a previous date. Takes 2 minutes tops.

WoW! Thank you to everyone for all the different ways to delete this virus! It even shut down my system restore so I was unable to run that. I used Ctrl, Alt, Del and had to hold the Del to get rid of the pop up box. Then I was able to use my system restore. My computer is back to normal. Thanks again!

Amazing.....thank you so much....within minutes I got rid of it........One thing positive came out of it....I backed up my hard disk before I messed around wid the prog. Anyhow thank you sooooooo much.......

"That was easy"; I'm glad I read all of the advice on this page, thank you! Last night this thing showed up on my computer, couldn't open AVG, couldn't do anything. I looked this subject up on my blackberry and found this page, thank God. Here's what I did: I thought I would try booting up the PC normally and typing in the code given here to register this "Malware Protection" and then try to delete the file as instructed; after typing in the email then the code, not 2 seconds passed and AVG identity protection found it and I quarantined it, it was that easy; my assumption is that by registering, it let AVG finally open to detect it and the rest is history...thank you again

Thanks so much for this helpful post, may the authors of this worm meet a rotten end. The anti-viruses wouldn't work for me cos of active x controls, but if you right click on the malware protection icon and go into properties, the location of the defender software is there, then just delete that sucker. Thanks again, was in a bit of a tizzy over this for a while. :)

Thanks so much for your help. My OH's work laptop got infected by this. I have been warning him for years that it was only a matter of time!

But, I followed the main instructions, and went into safe mode, downloaded Malwarebytes Anti-Malware. I then found defender.exe, which had a stack of numbers after it. I changed the end, after defender to vir, as suggested by Admin on June 12th. I then updated the software and did a full scan and came out of safe mode and rebooted. It looks fine now, so hopefully it should be okay. But...if my OH dares to look at those sites on the work laptop again!!!!!

Malwarebytes or whatever it's called, I forgot lol. Worked awesomely, I did a flash scan, it scanned all my registries and found 3 of the bastards so I got rid of them as well as some other malware. Thank you so much for this simple and easy to understand tutorial

Whoever posted this solution is an absolute legend :) Thanks so much! I actually can't thank you enough.. You saved me from paying a massive bill to my local 'IT expert' And I feel very satisfied with myself for fighting the virus on my own! May good things come your way in return :)

Okay, so I installed SuperAntiSpyware and so far I haven't had any problems with the pop up HOWEVER, I can't find most of my files on my computer anymore. I don't know how to find my files, as they are hidden. I know they're there because when I put in my Sims cd the game will run and my old files are on the computer, however, when I go through my program files the folders are empty. Any help would be a blessing. Thanks!

I ran spy bot and a few others, but they didn't work. Finally right clicked on the shortcut, and found the 'defender.exe' file. Make sure you have 'show hidden files and folders' clicked in your folder options/view, or you won't see it. I used 'Shredder' to delete it. Half Saturday gone over this virus, but now I have my PC back. Good Luck, I hope this HELPS.

Thanks for this great solution, and leading me into the right direction to clear up the problem. I found an easier way for Windows Vista that I used. Problem wouldn't allow me to do anything on my computer. I solved it by restarting my computer, hit F11 before the log in screen appears, this will take you into system recovery mode. Select system restore. I restored my system back to the day before I got the malware virus. This worked perfectly for me on Windows Vista.

Hey everyone, so I got this virus and followed the instructions to delete it. Great. But now I have a huge problem. I have been getting the blue screen of death when I login normally. I can't go more than 3 minutes without my computer crashing. I have run quite a few scans with malwarebytes and mrc but cannot find anything else. Luckily I can work just fine in safe mode with networking. Any advice to fix this problem? Here is the image of the BSOD http://img96.imageshack.us/img96/8664/dscf5840h.jpg

Using the registration key allowed me to kill it. When it started, AVG11 detected it but could not kill it. Installed Malwarebytes, scanned 3 times and now I am showing clean. On reboot, searches from Firefox and IE were being redirected. Check connections and turn off any proxies. Fixed Firefox, but IE will not start, now reinstalling IE8 for the family. I am the Firefox fan

I tried starting in safe mode with networking and doing a ctrl alt delete to see the processes, I immediately saw defender.exe running but before I can delete it, the process box disappears, I am not that computer savvy and want to attempt removal again, but wonder what is easiest?

Thank you so much! I am clueless when it comes to computers and such, but I actually did all this without my brother's help :D. I deleted the malware and my computer had restarted, I don't know what to do next, but it's working fine right now. Thank you again!

Thank you for your superb instructions! It was all the information I needed to be assured I got rid of that bumhole malware, especially when I was extremely frustrated when I couldn't even F8 my way to restarting my computer into safe mode.

HELPPPPPPPPPPPPPPPP Needed. Hey there, I need serious help plz. I have this worm and basically at first when the program ran I just left it to do its thing, thinking it's really scanning my laptop and finding viruses. Now all I am left with on my desktop is My Computer and Recycle Bin. I am connected to the internet but can't get to it. Pressing on start it has nothing but solitaire and a calculator. And going into all programs there is just system restore program that doesn't work. According to my C drive space all my stuff is still on my computer, I just can't see or do anything. Can anyone be so kind to take me through what to do plz.

When I turn on my laptop (Windows Vista) the malware virus starts up and doesn't let me access any programs, but after a while it disappears and lets me onto the internet. I find this website and download STOPzilla, it allows me to download it fully but when I launch STOPzilla it says the following...

STOPzilla was unable to start!
Error code:2001
Extended error code 2
Please try launching STOPzilla again.
If you see this message again please contact STOPzilla Customer Support at 1-877-877-9944

Hi sweet people, Check this out, I had an XP and a Vista with this lie of a problem, here is all I had to do. This worked on both XP and Vista. Place your computer in safe mode with networking. Next do a system restore. That is all it took. I hope this works for everyone else. Don't forget to restore to a date before this treachery started. P.S. I love you fools so effin much. Peace Out my little jees?!@"@!)

- you right click the icon on your desktop
- you click ''open containing folder''
- you right click the icon name privacy or so...
- you simply ''cut'' it using the right click
- you create a new folder
- you paste this shit/malware in
- you rename it as fu*** nice name you can think of
- you delete this motherf***
- you enjoy a cold glass of iced tea while downloading any protection programm

You guys are awesome. Could not find defender.exe on our Windows Vista so I used "Malware Protection removal instructions in Safe Mode with Networking:" I ran the TDSSKiller utility and then used the freeware MalwareBytes anti-malware. Ran windows update, backed up and I am up and running. THANK YOU! Happy Holidays!

I did it a really simple way. make sure "show hidden files" is on, right click the shortcut for the b*st*rd thing, click properties, show file locations, delete the shortcut and application files that come up.

I got this about a month ago and when the scan ran it just went away so I did the steps to remove it and it was good.

Now its back though all of a sudden and I can't get rid of it with any of these steps. I can't open the computer in safe mode of any kind because it tells me, "windows could not connect to the Sens service"... So I click OK and it sends me back to choose a user. So I can only log on in normal mode. I tried to use that registration key to make it go away but it didn't work. I can't run anything to make it go away until the scanner is gone. Help?!


About Me

Hi there, and welcome to my humble web presence. I'm Michael Kaur. Malware squasher, geek, and blogger based in Los Angeles, CA. If you'd like to contact me, the easiest way is through email given below or Google+. Simply add me to your Google Plus circles.

Disclaimer

This blog provides reliable information about the latest computer security threats including spyware, adware, browser hijackers, Trojans and other malicious software. We do NOT host or promote any malware (malicious software). We just want to draw your attention to the latest viruses, infections and other malware-related issues. The mission of this blog is to inform people about already existing and newly discovered security threats and to provide assistance in resolving computer problems caused by malware.